Chapter 18. Purple Teaming

Purple teaming can be described as defensive professionals (the blue team) learning and practicing offensive (red team) techniques. The more you know about the attacks that others are performing on your environment, the better positioned you will be to defend it. You can fill your shelves with the great red teaming books that are out there today, so we will focus on some general concepts, ideas, and exercises that would best benefit the blue team. Not only will implementing purple team practices and exercises in your organization give you a better overall security posture, but it can also be the extra boost that shows upper-level management and key stakeholders why certain security measures need to be put in place, without having to wait for an actual breach.

Open Source Intelligence

Open source intelligence, or OSINT, is defined as:

“The discipline that pertains to intelligence produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.

Open-source intelligence (OSINT) is derived from the systematic collection, processing, and analysis of publicly available, relevant information in response to intelligence requirements.”1

Many attackers or teams will use OSINT to gather information in a multitude of ways about your company or high-profile employees of your company. The information ...
